Learn the benefits of pairing SCA and SBOMs:
Like commercial software, open source contains vulnerabilities. Gaps in knowledge of how and which components are used lead organizations to unknowingly take on significant risks. Create your own Software Bill of Materials.
Mitigate risk by hardening the software supply chain. This includes examination of both internally and externally sourced code (and supporting scripts, configuration files and other artifacts) and containers.
Manage risk by establishing policies outlining acceptable use of open source and appropriate responses to the discovery of vulnerabilities or restrictive licenses in such code.
1 November 2019, Gartner, Inc., Technology Insight for Software Composition Analysis, Dale Gardner
DISCLAIMER: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.